Retpoline v5 Published For Fending Off Spectre Branch Target Injection

  • #21
    Originally posted by andreano View Post
    … when two programs use the same shared library?
    That's how I interpret the Spectre doc: "some shared DLL memory was chosen for performing flush-and-probe detections."
    You conveniently forgot the part of the quote which says that the DLL in question is ntdll. I can't comment on Windows and I don't care about Windows.
    Originally posted by andreano View Post
    Note that that's only for the side channel.
    Note that the side channel is the only way to read the answer.


  • #22
    Originally posted by carewolf View Post
    Branch target injection? What part of the security issues allows writing? I thought this was all about reading.
    See Spectre Class 2, CVE-2017-5715. It's still a read-only bug, but when you can read security descriptors, write access is moot.


  • #23
    Originally posted by nanonyme View Post
    Maybe also every program with setuid. Also every interpreter (bash, Perl, etc.), since someone might want to run setuid scripts through it. Otherwise you might get to read memory as root.
    Thanks for sharing that. I'm sure there are people in the audience who don't recognise that setuid root on typical distros is basically the same thing as "run by root".

    There are differences, though, if you want/need to use setuid and still need strong isolation. A well set up AppArmor or SELinux config can prevent, or restrict, setuid, sudo, su and even su -, and limit their capabilities. And if those tools don't appeal to you, there's always fakeroot, LXC, and KVM.


  • #24
    Originally posted by pal666 View Post
    What are you smoking? Threads share memory and can read it without attacks.
    I think you just agreed with me. I said it would be limited... to what it should already be able to do.